My splunk enterprise is stuck below and not starting.
Splunk> 4TW Checking prerequisites... Checking http port : open Checking mgmt port : open Checking appserver port [127.0.0.1:8065]: open Checking kvstore port : open Checking configuration... Done. Checking critical directories... Done Checking indexes... Validated: _audit _internal _introspection _telemetry _thefishbucket collectd history mail main secure summary unix_summary Done Checking filesystem compatibility... Done Checking conf files for problems... Done Checking default conf files for edits... Validating installed files against hashes from '/opt/splunk/splunk-7.3.0-657388c7a488-linux-2.6-x86_64-manifest' File '/opt/splunk/etc/system/default/alert_actions.conf' changed. Problems were found, please review your files and move customizations to local All preliminary checks passed. Starting splunk server daemon (splunkd)... Done [ OK ] Waiting for web server at https://127.0.0.1:8000 to be available...
Can someone help please?
Check if there is any error message at splunkd.log/webservice.log at $SPLUNKHOME/var/log/splunk.
I had similar issues in the past and I am not able to identify the root cause even doing some troubleshooting on the log files I mentioned.
To fix the web server issues in my case, I have to reinstall Splunk using the same version already previously installed and it had worked. Try to revert the previous changes you had deployed to check it can be the root cause.
Please run a backup first at the entire /etc folder before you deploy any changes, just to make sure you are able to recover all the configuration and apps.